“Phishing” is the practice of directing users to fraudulent Web sites in an attempt to fool the user into believing he or she has accessed the legitimate Web site of a provider, such as a financial institution or e-commerce site. Despite the existence of various security measures provided by Web browsers, phishing and other spoof sites attempt to mimic the content, look & feel, and even the security features of the genuine site so that users will fail to recognize that they have not accessed the legitimate site.
In order to prevent phishing and other similar attempts to pass off fraudulent Web pages as authentic or verified sites, a number of verification logos exist in the marketplace today. These include, for example, VeriSign Secured™, BBB Online™, and Comodo TrustLogo™. However, a common problem with these logos is that a user, at least initially, has no idea whether the logo is genuine or has merely been copied from a legitimate site and placed on the current provider's site. The user is required to perform some further action to verify identity. Comodo's TrustLogo™, for instance, simply allows the user to roll the mouse over the logo and thereby obtain auxiliary information intended to confirm the identity of the site. With the VeriSign Secured™ logo, the user clicks on the logo, which then brings up another browser window with information about the site. The user must then manually compare and verify this information with the information that appears in the browser's address bar in order to ascertain whether the site is authentic, i.e., that the site is trustworthy and that the provider of that site is the company or organization that it claims to be. In some instances, such as with TrustLogo™, the entire rollover information effect can be spoofed.
Unfortunately, most users are either insufficiently aware or unwilling to make the effort to properly carry out the necessary manual steps to verify that a site is in fact authentic and legitimate. See, for example, “Why Phishing Works,” by R. Dhamija, J. D. Tygar, and M. Hearst, which is available at the following Web address: http://people.deas.harvard.edu/~rachna/papers/why_phishing_works.pdf, the contents of which are incorporated herein by reference. Indeed, as the above reference suggests, as many as one in four users does not even look at basic browser-based security cues such as the address bar of the browser, as a result of which they are incapable of carrying out the more elaborate steps necessary to ensure authenticity of the site.
Furthermore, because these existing logo solutions use images that are uniform across all sites, the logos may be freely copied by fraudsters (along with popup and/or auxiliary windows) rendering them susceptible to spoofing and phishing sites. For example, a phishing site www.53.com.wps.portal.secure.ansible.st may still link to the VeriSign Secured site for www.53.com even though the site names don't match. Many users will not notice the difference.
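The hostname comparison that these seal schemes leave to the user can be written out as follows. This is an added example, not part of the original text: the function names are hypothetical, and the URLs other than the two hostnames quoted above are constructed samples. It contrasts a "does the brand name appear in the URL" check with a strict match on the parsed hostname.

```javascript
'use strict';
// Added example. Function names are hypothetical; URLs other than the two
// hostnames quoted in the text are constructed samples.

// Canonical hostname of a URL: lower-cased by the parser, trailing dot removed.
function hostOf(urlString) {
  return new URL(urlString).hostname.replace(/\.$/, '');
}

// What a hurried reader does: looks for the brand's hostname anywhere in the URL.
function naiveMatch(pageUrl, vouchedHost) {
  return pageUrl.toLowerCase().includes(vouchedHost.toLowerCase());
}

// Strict check: the page's hostname must equal the hostname the seal vouches
// for, or (only if allowed) end with "." + that name on a label boundary.
function strictMatch(pageUrl, vouchedHost, allowSubdomains = false) {
  let host;
  try {
    host = hostOf(pageUrl);
  } catch (err) {
    return false; // unparseable URL: never treat as verified
  }
  const vouched = vouchedHost.toLowerCase().replace(/\.$/, '');
  if (host === vouched) return true;
  return allowSubdomains && host.endsWith('.' + vouched);
}

const SAMPLES = [
  'https://www.53.com/login',                          // genuine host
  'HTTPS://WWW.53.COM.:443/',                          // same host, odd spelling
  'http://www.53.com.wps.portal.secure.ansible.st/',   // hostname from the text
];

// Run both checks over the samples for one vouched hostname.
function compare(vouchedHost) {
  return SAMPLES.map((url) => ({
    url,
    naive: naiveMatch(url, vouchedHost),
    strict: strictMatch(url, vouchedHost),
  }));
}

console.table(compare('www.53.com'));
```

Only the strict column separates the third sample from the first two, because the seal's hostname appears there as leading labels of a different domain.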
As a result, although these prior art “trust seals” are intended to assure consumers that a site is run by the party it claims to be from and/or that it will use techniques such as encryption to protect sensitive data, the ability to spoof these seals means they are not sufficiently secure for ecommerce and other sensitive on-line activities.
In an effort to provide further security to users, site providers on the Internet are increasingly using two-part (or two-factor) authentication schemes. For example, some bank logon systems now present a visual icon to the user after the user provides some personally identifying information (PII), so the user knows he is on the correct site. While this does let the consumer know when a phishing attack has occurred, the consumer may only determine this after having already entered some PII; the integrity of the consumer's account may be at least partially compromised, and the consumer may need to cancel the account, which is time-consuming and inconvenient. Furthermore, where a banking relationship does not yet exist, such icon-based authentication systems cannot be used when initially signing up for new accounts and services since the two parties have not yet agreed on the shared image.
Moreover, even two-part authentication schemes employing hardware tokens for security have been spoofed by man-in-the-middle attacks. For instance, the paper http://paranoia.dubfire.net/2007/04/deceit-augmented-man-in-middle-attack.html, the contents of which are incorporated herein by reference, describes a proof of concept of such an attack upon Bank of America's SiteKey® service. Similarly, the Washington Post article by Brian Krebs, available at the following Web address http://blog.washingtonpost.com/securityfix/2006/07/citibank_phish_spoofs_2factor_1.html, the contents of which are incorporated herein by reference, describes an actual attack upon Citibank by a Russian attacker.
Further compounding problems with image-based authentication schemes is the fact that users with a number of relationships with various providers of goods and services need to choose a different image for each provider relationship. This occurs because providers do not share their images with each other. In addition, providers of sensitive services, such as banking, require a very low level of chance “crackability”. For that reason, they may have collections of tens of thousands of icons, of which they present only a few dozen to any one user to choose from. Thus, the likelihood of a consumer being able to choose similar icons (for ease of remembrance) across multiple banks or providers is quite low. In addition, as industry use of two-factor image-based authentication grows, users may be facing a case of “icon confusion” in attempting to remember which icon is associated with which provider.
As an example, in U.S. Pat. No. 7,100,049, Gasparini et al. disclose a method of authenticating a web site to a user via customization of a web page. The user must initially register with the provider's web site, and material with which to customize the web page is stored in a database at the provider's site. However, such a mutual authentication method requires a preexisting relationship between the user and the web site operator. This is problematic in the case of, for instance, a financial institution's web site for signing up a new customer. Furthermore, the personally identifying information (such as a photograph of the user) is stored outside of the user's control. Moreover, as the provider web site is serving the customization data, the provider could potentially incur liability for unauthorized or illegal content (for example, for storing pornographic images).
Similarly, in US Patent Application Publication 2006/0200855 A1, Willis discloses a system for the authentication of a plurality of electronic entities (or providers) by a plurality of users. However, the users in this system are required to register with an authenticating entity before any electronic entity can be authenticated. This is an undesirable requirement that many users will object to or otherwise fail to comply with. It also requires users to store personally identifiable information at the authenticating entity and therefore outside of the user's control.
There is therefore a need for a more effective network site verification system and method that: (i) can effectively provide a user with automatic and immediate verification without the user having to click through or otherwise carry out any additional steps after having accessed the site; (ii) can use the same user-recognizable verification information for different provider sites; (iii) do not require the user to have a pre-existing relationship with the provider of the site; and (iv) do not necessarily require the user to have pre-registered or otherwise stored any PII (such as a user ID or password) with or at a third party authentication entity.